Microsoft has finally fixed a disastrous bug in its Internet Explorer web browser so severe the U.S. Department of Homeland Security advised computer users to abandon the software.

Adrienne Hall, general manager of Microsoft Trustworthy Computing, said in a statement that the company decided to fix the problem quickly for all customers, saying it takes the security of its products 'incredibly seriously.'

The firm also decided to issue a fix for users of Windows XP, even though it officially no longer supports the software.

Scroll down for video

Clean-up: Microsoft is rushing to fix a bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend

ARE YOU AFFECTED?

Microsoft disclosed on Saturday its plans to fix the bug, which targets Internet Explorer versions 9 through 11.

Those versions take up 26.25 percent of the browser market, according to FireEye, the cybersecurity software company that caught the bug.

The bug, however, reportedly affects versions 6 through 11.

Together, those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.

In addition to possibly switching to an alternative web browser, US-CERT advised businesses to consider using a free Microsoft security tool known as EMET, or the Enhanced Mitigation Experience Toolkit, to thwart potential attacks.

Security experts say EMET is helpful in staving off attacks, but businesses are sometimes reluctant to use it because it can cause systems to crash due to incompatibility with some software programs.

Microsoft first reported the problem on Saturday, saying it was aware of 'limited, targeted attacks' and that the vulnerability affected Internet Explorer versions 6 through 11.

The company said users with automatic updates enabled don't need to take any action.

'For those manually updating, we strongly encourage you to apply this update as quickly as possible following the directions in the released security bulletin,' it said.

RELATED ARTICLES

Share this article

The U.S. Department of Homeland Security has advised computer users to abandon Microsoft's Internet Explorer browser until the company fixes a security flaw that hackers have used to launch attacks.

The bug is the first high-profile security flaw to emerge since Microsoft stopped providing security updates for Windows XP earlier this month.

That means PCs running the 13-year old operating system could remain unprotected against hackers seeking to exploit the newly uncovered flaw, even after Microsoft figures out how to defend against it.

The United States Computer Emergency Readiness Team, a part of Homeland Security known as US-CERT, said in an advisory released on Monday morning that the vulnerability in versions 6 to 11 of Internet Explorer could lead to 'the complete compromise' of an affected system.

'We are currently unaware of a practical solution to this problem,' Carnegie Mellon's Software Engineering Institute warned in a separate advisory, that US-CERT linked to in its warning.

Microsoft Corp is rushing to fix the bug in its widely used Internet Explorer web browser after a computer security firm disclosed the flaw over the weekend, saying hackers have already exploited it in attacks on some U.S. companies.

Microsoft disclosed on Saturday its plans to fix the bug, which targets Internet Explorer versions 9 through 11.

Those versions take up 26.25 percent of the browser market, according to FireEye, the cybersecurity software company that caught the bug.

The bug reportedly affects versions 6 through 11 of Internet Explorer

The bug, however, reportedly affects versions 6 through 11.

Together, those versions dominate desktop browsing, accounting for 55 percent of the PC browser market, according to tech research firm NetMarketShare.

PCs running Windows XP will not receive any updates fixing that bug when they are released, however, because Microsoft stopped supporting the 13-year-old operating system earlier this month.

Security firms estimate that between 15 and 25 percent of the world's PCs still run Windows XP.

FireEye Inc said that a sophisticated group of hackers have been exploiting the bug in a campaign dubbed 'Operation Clandestine Fox.'

FireEye, whose Mandiant division helps companies respond to cyber attacks, declined to name specific victims or identify the group of hackers, saying that an investigation into the matter is still active. It described the hackers as 'extremely proficient at lateral movement' and 'difficult to track.'

'It's a campaign of targeted attacks seemingly against U.S.-based firms, currently tied to defense and financial sectors,' FireEye spokesman Vitor De Souza said via email.

'It's unclear what the motives of this attack group are, at this point. It appears to be broad-spectrum intel gathering.'

He declined to elaborate, though he said one way to protect against them would be to switch to another browser.

The firm has come under fire for the amount of time it took to issue a fix

Microsoft said in the advisory that the vulnerability could allow a hacker to take complete control of an affected system, then do things such as viewing changing, or deleting data, installing malicious programs, or creating accounts that would give hackers full user rights.

FireEye and Microsoft have not provided much information about the security flaw or the approach that hackers could use to figure out how to exploit it, said Aviv Raff, chief technology officer of cybersecurity firm Seculert.

Yet other groups of hackers are now racing to learn more about it so they can launch similar attacks before Microsoft prepares a security update, Raff said.

'Microsoft should move fast,' he said. 'This will snowball.'

Still, he cautioned that Windows XP users will not benefit from that update since Microsoft has just halted support for that product.

The software maker said in a statement to Reuters that it advises Windows XP users to upgrade to one of two most recently versions of its operating system, Windows 7 or 8.